http://www.e-rave.nl/create-a-self-signed-ssl-key-for-postfix
openssl genrsa -des3 -rand /etc/hosts -out mail.domain.com.key 2048
chmod 600 mail.domain,com.key
openssl req -new -key mail.domain.com.key -out mail.domain.com.csr
openssl x509 -req -days 365 -in mail.domain.com.csr -signkey mail.domain.com.key -out mail.domain.com.crt
openssl rsa -in mail.domain.com.key -out mail.domain.com.key.nopass
mv mail.domain.com.key.nopass mail.domain.com.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
chmod 600 mail.domain.com.key
chmod 600 cakey.pem
mv mail.domain.com.key /etc/ssl/private/
mv mail.domain.com.crt /etc/ssl/certs/
mv cakey.pem /etc/ssl/private/
mv cacert.pem /etc/ssl/certs/
postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/ssl/private/mail.domain.com.key'
postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/mail.domain.com.crt'
postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
postconf -e 'myhostname = mail.example.com'
In order to create Courier certs:
All previous work was done in: /root/postfix_smtpd_cert/
cd /root/postfix_smtpd_cert/
cat mail.domain.com.key mail.domain.com.crt >> ../courier_cert/mail.domain.combined.pem
cd ../courier_cert/
openssl dhparam 1024 >> mail.domain.combined.pem
cp mail.domain.combined.pem /etc/courier/
cd /etc/courier/
edit 2 files: pop3d-ssl and imapd-ssl such that the line reads:Â
TLS_CERTFILE=/etc/courier/mail.domain.combined.pem
Then restart both services:
/etc/init.d/courier-pop-ssl restart
/etc/init.d/courier-imap-ssl restart